Security Tools
Explore the best new Security tools and products curated by the community.
One platform to discover, assess, and protect all AI usage across your organization. FireTail gives you complete coverage across every employee, browser, device, application, and agent. Get the visibility, security and control you need to enable AI innovation at scale. Blackhat USA & Asia 2025 Startup Spotlight Top 4; TechCrunch Disrupt 2024 Startup Battlefield 200; SOC 2 Type 2
We are full force into cloud-based AI security scanners. Foil does it on your Mac, locally. Your code never leaves. It doesn't just alert: it explains why, validates the finding, and rewrites the code, and does it 100% local, no API, no telemetry, no training the next model with your own code. It's edge AI built for developers, consultants or pentesters after a whitebox test, who can't (or won't) share the code.
Skill Inspector helps you analyze and understand the capabilities, risks, and behaviors of AI skills before they reach production. It inspects how skills are defined, what tools and permissions they rely on, and how they behave across different scenarios. Whether you're building copilots or AI-powered apps, Skill Inspector gives you the visibility and confidence to ship AI safely. Identify risky patterns, validate skill behavior, and ensure your AI does exactly what you expect - no surprises.
MindFort is the fastest way to deploy security agents. We secure your stack via autonomous agents that learn as they hack. We validate each vulnerability and give you native ways to patch. Built by a team with 15+ years of Cybersecurity experience. YC X25. Used by top startups + public companies.
Your SCA checks for CVEs. It doesn't check whether anyone is still maintaining the software. That's a different question, and until now, no tool answered it well. We track lifecycle status across 12M+ package versions using official EOL declarations and ML-based detection of maintainer abandonment. Upload a package.json, pom.xml, requirements.txt, or any SBOM and see exactly what's still maintained and what isn't. Direct and transitive deps. Every major ecosystem. Free of charge.
Hacktron collaborates in your workflow, identifies real vulnerabilities, and empowers developers like a senior security engineer. We combine deep code-level security review with automated pentesting to help teams find real issues faster, cut through low-signal findings, and give developers remediation information they can actually act on. Built by elite hackers who've spent careers exploiting the most complex and high-value targets, we operate by one principle: PoC || GTFO.
Cerberus is the world's first safe AI hacker. You can hack your entire app in plain English with a prompt "find vulnerabilities and exploit them in example.com". We also built the world's first AI hacker that's mathematically safe to run on production. It uses a new programming language where every hacking action must come with a mathematical proof that you authorized it — no proof, no action. Point it at your app, come back in 3-4 hours with a full security report.
The new Strix platform gives devs continuous security in one place: continuously pentest your apps, block vulnerable PRs before merge, generate merge-ready fixes, and track security posture over time.
Osintir protects your images and videos with invisible AI fingerprints and cryptographic proof, detecting deepfakes, unauthorized use, and identity theft across the web.
Monitor, measure, and mitigate GenAI model vulnerabilities through real-time analytics, automated probing, and insights driven from thousands of human researchers. The 0DIN Scanner delivers continuous assurance that your models remain secure. Test for jailbreaks, prompt injections, and data leakage in minutes. Deploy via Docker or SaaS, get a full security report, and compare your results against baselines from the frontier providers.
Developed by a team with 20+ years of experience in email deliverability, DMARKOFF is powerful enough for pros, and simple enough for everyone. You can manage all your domains in one place, organize them into projects, and share access safely. Instead of tying cost to messages, users or features, the pricing is simple: just $10 per domain, with unlimited reports and users. Unsure about what to fix first? Your personal AI assistant will help you analyze DMARC reports and provide clear next steps.
ORGN CDE is the enterprise AI IDE for developers who require privacy. A powerful AI code generator and software development tool guaranteeing security with confidential computing, provable encryption, and zero data retention.
OpenBox provides a trust platform for agentic AI, delivering runtime governance, cryptographic verification, and enterprise-grade compliance. Integrates via a single SDK with LangChain, LangGraph, Temporal, n8n, Mastra, and more. Available to every organization with no usage limits.
Free open-source macOS menu bar app for Claude Code. Browse full session history, search across conversations, track token costs per project with Anthropic or Vertex AI pricing. Built-in secret detection scans every session for leaked API keys, tokens, and credentials. Config health linter runs 19 rules against your CLAUDE.md files, skills, and hooks. Works with Enterprise API deployments (no cookies needed). Native Swift/SwiftUI, 100% local, zero telemetry. MIT licensed.
Runtime security for developers and AI agents. EDAMAME watches what code does on your machine — not what it claims to be. It detects credential harvesting, C2 beaconing, and temp-directory execution through behavioral invariants that hold across every supply chain attack variant. Four independent detection layers, 60-second cycles, zero configuration. Proven against Trivy, LiteLLM, and axios hacks. Free, open source, works on macOS/Windows/Linux.
Right now, while you're reading this, your Mac is making connections you never asked for. Background processes phoning home. Apps syncing data you didn't approve. Unknown servers in countries you've never heard of. Netwoke is the ultimate macOS privacy tool that shows exactly what your computer is doing online. Monitor network connections, understand data flows, and protect your privacy with AI-powered insights. No technical knowledge required.
Turn your AI agent from a liability into a differentiator. hoop.dev connects Claude Code to your internal systems without needing credentials. hoop.dev intercepts all commands, letting you control what data Claude Code can access and update.
Lovable and Aikido bring pentesting into the platform, allowing builders to simulate real-world attacks and fix issues before shipping.
Protect your team's data with real-time DLP for ChatGPT, Claude & Gemini. Share prompts securely, enforce AI policies, and get full compliance audit trails. Free for up to 3 members.
MCP lets AI agents connect to your tools, but its built-in auth is limited. There's no fine-grained authorization, no governance, and no connection to your existing IdP infrastructure. Permit MCP Gateway is a zero-trust proxy that adds what's missing to any MCP server without touching its code. Swap one URL and every tool call gets OAuth authentication, Zanzibar-style authorization, consent screens, and full decision logging. No SDK to install. No agents to rewrite. Works with any MCP server.
ClawSecure is CrowdStrike for OpenClaw AI agents. 3-layer security audit, real-time Watchtower monitoring, agent marketplace and identity security, and full 10/10 OWASP ASI coverage. 41% of top skills are dangerous. 1 in 5 are sending your data to attackers. Secure your agents in 30 seconds for free. clawsecure.ai